package org.zowe.apiml.gateway.security.service.schema;

import com.netflix.appinfo.InstanceInfo;
import com.netflix.zuul.context.RequestContext;
import java.security.cert.CertificateEncodingException;
import java.security.cert.X509Certificate;
import java.util.Base64;
import java.util.function.Supplier;
import lombok.Generated;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.springframework.stereotype.Component;
import org.zowe.apiml.auth.Authentication;
import org.zowe.apiml.auth.AuthenticationScheme;
import org.zowe.apiml.gateway.security.login.x509.X509CommonNameUserMapper;
import org.zowe.apiml.security.common.token.QueryResponse;

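/**
 * Authentication scheme that forwards details of the caller's X.509 client certificate to the
 * routed service as request headers.
 *
 * <p>Security note: the headers written here are identity assertions made by the gateway.
 * NOTE(review): a downstream service can only rely on them if it accepts them exclusively from
 * the gateway and if inbound headers with the same names are removed before routing. Neither is
 * visible in this file, so confirm both.
 */
@Component
/* loaded from: input_file:BOOT-INF/classes/org/zowe/apiml/gateway/security/service/schema/X509Scheme.class */
public class X509Scheme implements AbstractAuthenticationScheme {

    @Generated
    private static final Logger log = LoggerFactory.getLogger(X509Scheme.class);

    /**
     * Command that copies selected attributes of the client certificate into Zuul request headers.
     */
    /* loaded from: input_file:BOOT-INF/classes/org/zowe/apiml/gateway/security/service/schema/X509Scheme$X509Command.class */
    public static class X509Command extends AuthenticationCommand {
        // Request attribute the certificate chain is read from.
        // NOTE(review): presumably set by an upstream filter after the TLS client certificate
        // was validated; confirm where it is populated.
        private static final String CLIENT_CERT_ATTRIBUTE = "client.auth.X509Certificate";

        private final String[] headers;

        // Despite the name, this header carries the Base64 of the whole DER-encoded certificate
        // (X509Certificate#getEncoded), not only the public key.
        public static final String PUBLIC_KEY = "X-Certificate-Public";
        public static final String DISTINGUISHED_NAME = "X-Certificate-DistinguishedName";
        public static final String COMMON_NAME = "X-Certificate-CommonName";

        /**
         * @param strArr header names requested by the service; each entry is trimmed before it is
         *               matched against the supported header constants
         */
        public X509Command(String[] strArr) {
            this.headers = strArr;
        }

        /**
         * Adds the configured certificate headers to the current Zuul request.
         *
         * <p>If the request carries no certificate chain, nothing is added and the request is left
         * as it is. NOTE(review): in that case this method does not remove any client-supplied
         * {@code X-Certificate-*} headers; confirm they are stripped elsewhere before routing.
         *
         * @param instanceInfo target instance (not used by this command)
         */
        @Override // org.zowe.apiml.gateway.security.service.schema.AuthenticationCommand
        public void apply(InstanceInfo instanceInfo) {
            RequestContext context = RequestContext.getCurrentContext();
            X509Certificate[] clientCerts =
                (X509Certificate[]) context.getRequest().getAttribute(CLIENT_CERT_ATTRIBUTE);
            if (clientCerts == null || clientCerts.length == 0) {
                return;
            }
            try {
                // Only the first certificate of the chain is used.
                setHeader(context, clientCerts[0]);
            } catch (CertificateEncodingException e) {
                // The request still proceeds; headers written before the failure stay set.
                log.error("Exception parsing certificate", e);
            }
        }

        /**
         * Writes one Zuul request header per supported entry in {@link #headers}.
         *
         * <p>Rebuilt as a plain string switch: the decompiler emitted the compiler's two-stage
         * hash-code dispatch, which was not valid Java.
         *
         * @throws CertificateEncodingException if the certificate cannot be DER-encoded for the
         *                                      {@link #PUBLIC_KEY} header
         */
        private void setHeader(RequestContext requestContext, X509Certificate x509Certificate) throws CertificateEncodingException {
            for (String str : this.headers) {
                switch (str.trim()) {
                    case COMMON_NAME:
                        requestContext.addZuulRequestHeader(COMMON_NAME, new X509CommonNameUserMapper().mapCertificateToMainframeUserId(x509Certificate));
                        break;
                    case PUBLIC_KEY:
                        requestContext.addZuulRequestHeader(PUBLIC_KEY, Base64.getEncoder().encodeToString(x509Certificate.getEncoded()));
                        break;
                    case DISTINGUISHED_NAME:
                        // getSubjectDN() is the legacy accessor and its string form is
                        // implementation-specific; consumers should not depend on exact formatting.
                        requestContext.addZuulRequestHeader(DISTINGUISHED_NAME, x509Certificate.getSubjectDN().toString());
                        break;
                    default:
                        // The untrimmed configured value is logged so a whitespace problem is visible.
                        log.warn("Unsupported header specified in service metadata, please review apiml.service.authentication.headers, possible values are: X-Certificate-Public, X-Certificate-DistinguishedName, X-Certificate-CommonName\nprovided value: {}", str);
                        break;
                }
            }
        }

        /** @return {@code false}: this command does not require a valid JWT. */
        @Override // org.zowe.apiml.gateway.security.service.schema.AuthenticationCommand
        public boolean isRequiredValidJwt() {
            return false;
        }

        /** @return {@code false}: the command never reports itself as expired. */
        @Override // org.zowe.apiml.cache.EntryExpiration
        public boolean isExpired() {
            return false;
        }
    }

    /** @return {@link AuthenticationScheme#X509} */
    @Override // org.zowe.apiml.gateway.security.service.schema.AbstractAuthenticationScheme
    public AuthenticationScheme getScheme() {
        return AuthenticationScheme.X509;
    }

    /**
     * Builds the command from the comma-separated header list in the service's authentication
     * settings.
     *
     * @param authentication authentication settings; {@code getHeaders()} is split on {@code ","}
     * @param supplier       token query supplier (not used by this scheme)
     * @return an {@link X509Command} for the listed headers, or {@link AuthenticationCommand#EMPTY}
     *         when the split yields no entries
     */
    @Override // org.zowe.apiml.gateway.security.service.schema.AbstractAuthenticationScheme
    public AuthenticationCommand createCommand(Authentication authentication, Supplier<QueryResponse> supplier) {
        // NOTE(review): a null getHeaders() would throw NullPointerException here; confirm the
        // value is always set for this scheme. String.split returns an empty array only when the
        // input consists solely of separators, so EMPTY is rarely reached.
        String[] split = authentication.getHeaders().split(",");
        return split.length > 0 ? new X509Command(split) : AuthenticationCommand.EMPTY;
    }
}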
